Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/udzura/bpfql

eBPF query runner (Ruby DSL or something useful)
https://github.com/udzura/bpfql

Last synced: 20 days ago
JSON representation

eBPF query runner (Ruby DSL or something useful)

Host: GitHub
URL: https://github.com/udzura/bpfql
Owner: udzura
Created: 2020-02-20T08:28:21.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-03-11T11:55:03.000Z (over 4 years ago)
Last Synced: 2024-09-17T17:56:31.855Z (about 2 months ago)
Language: Ruby
Size: 18.6 KB
Stars: 26
Watchers: 8
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - udzura/bpfql - eBPF query runner (Ruby DSL or something useful) (Ruby)

README

# BPFQL

[![Gem Version](https://badge.fury.io/rb/bpfql.svg)](https://badge.fury.io/rb/bpfql)

eBPF query runner. Choose a format in:

* Ruby DSL
* YAML
* SQL-like query language (in the future)

## Installation

Add this line to your application's Gemfile:

```ruby
gem 'bpfql'
```

And then execute:

$ bundle install

Or install it yourself as:

$ gem install bpfql

## Usage

```ruby
BPFQL do
select "*"
from "tracepoint:random:urandom_read"
where "comm", is: "ruby"
_and "pid", is: 12345
end
```

```ruby
BPFQL do
select "count()"
from "tracepoint:syscalls:sys_enter_clone"
group_by "comm"
interval "15s"
end
```

### YAML format

```yaml
BPFQL:
- select: count()
from: tracepoint:syscalls:sys_enter_clone
group_by: comm
stop_after: "30s"
```

```yaml
BPFQL:
- select: count()
from: tracepoint:syscalls:sys_enter_clone
where:
- comm is "ruby"
- pid is 12345
```

* See [examples/](examples/) to find working examples.

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/udzura/bpfql.